From: Jesse
To: freebsd-security@freebsd.org
Date: Sat, 13 Mar 1999 05:25:13 -0800 (PST)
Subject: bind 8.1.2 cache poisoning

Hi,

I scanned my archives of freebsd-security and bugtraq and was surprised not to find anything on the topic. Sorry if I'm missing something obvious..

I run an IRC server that's part of a small network. Recently I noticed one user with a very obviously fake hostname. The user started bragging to various people about it. He said that he had inserted bogus entries into the cache of the nameserver. So I checked around and found in the Jan 99 section of rootshell an exploit which claims to insert entries into the caches of bind 8.1.2 servers (which is what I run and as far as I can tell is the latest version).

If this is true, as it appears, I'm wondering why there's been no discussion of this anywhere (or any fixes). Seems pretty serious if anyone can screw with your DNS cache.. Hopefully there's some sort of configuration error on my part that allows this to happen, but I think I have a pretty normal, secure setup.

Any comments? I thought I'd check here first before writing the bind maintainers.

Thanks,

---
Jesse
http://www.lumiere.net/